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BASIC-ABSTRACT: 

NOVELTY - The process begins when a user uses their web browser to request 
content (such as a user's personal home page) from a content Servlet. The 
content Servlet will attempt to retrieve an SSO cookie from the web browser. 
If the cookie is not found, or its timestamp indicates that it has expired, the 
Servlet begins the login process. 

DETAILED DESCRIPTION - Otherwise, the Servlet will use the authentication data 
encrypted in the cookie to authenticate the user in the Servlet f s JVM. If this 
authentication fails, the Servlet will begin the login process. If it 
succeeds, it will send the content the user requested (the home page). 

USE - For authentication of Servlet/Applet/HTML. 

ADVANTAGE - (a) The user will not have to log in twice if the Java login Applet 
is used. The login Applet logs the user in to the Applet JVM, so all Applets 
later launched in that JVM will recognize the user as being logged in. Then the 
Applet sends a request to the login Servlet to continue the process; (b) Java 
and JavaScript are not required. If the user (or system administrator) does 
not expect to use authenticated Java Applets, the HTML login form can be used. 



This will log the user in with a Servlet and set the Single Sign-On cookie. 
This login process only requires a web browser that supports cookies and secure 
connections via HTTPS; (c) Using a minimum of Java makes web-based applications 
more flexible and more likely to run in a wide variety of web browsers on a 
variety of platforms. Web browsers often implement Java differently, which 
sometimes necessitates browser-specific code. This code makes web applications 
more fragile and buggy, and it prevents them from being used with browsers or 
platforms that were not tested with them while they were being developed; (d) 
Less memory is used on the client in most cases. If the HTML login Is used, no 
Java classes are loaded on the client. The login Applet loads only a minimal 
set of Java class archives (significantly less than the ODS Applet Launcher). 
Any other Applets load additional class archives only as they are needed; (e) 
Configurable security. The user name and password are always sent over secure 
connections. The SSO cookie in the web browser is encrypted so it cannot be 
read easily. The domains which can retrieve the SSO cookie are 
administrator-controlled, so it can only be retrieved by trusted servers. In 
case the cookie is stolen from the network, it expires after an amount of time 
chosen by the ODS administrator. Other Servlets will respond via either HTTP 
or HTTPS, depending on the system administrator's preference. Applets are 
loaded via HTTP for technical reasons, but they always communicate back to the 
server via HTTPS or secure RMI; (f) Single Sign-On can also authenticate the 
user to use other web applications that support SSO. 

DESCRIPTION OF DRAWING(S) - The diagram shows an overview of the authentication 
process. 
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